CVE-2026-23048
Unknown Unknown - Not Provided
Use-After-Free Vulnerability in Linux Kernel UDP skb Handling

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This then triggers this warning in skb_attempt_defer_free(): DEBUG_NET_WARN_ON_ONCE(skb->destructor); We must call skb_orphan() to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23048
EUVD
EUVD-2026-5499
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's UDP receive path. The issue arises because the standard UDP receive path does not use the skb->destructor, but the skmsg layer does, as it calls skb_set_owner_sk_safe() from udp_read_skb(). This leads to a warning triggered in skb_attempt_defer_free() due to the destructor being set. The fix involves calling skb_orphan() before skb_attempt_defer_free() to prevent this warning and properly handle the skb destructor.

Impact Analysis

The vulnerability causes a warning in the kernel related to skb destructor handling, which could potentially lead to improper memory management or unexpected behavior in the UDP receive path. However, the exact impact on system security or stability is not detailed in the provided information.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The vulnerability is resolved by ensuring that skb_orphan() is called before skb_attempt_defer_free() in the UDP receive path of the Linux kernel.

To mitigate this vulnerability, update your Linux kernel to a version where this fix has been applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23048. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart